Category Archives: Encryption

Encryption can protect your consumer information, emails and other sensitive data as well as secure network connections. Today, there are many options to choose from, and finding one that is both secure and fits your needs is a must. Here are four encryption methods and what you should know about each one.

AES

The Advanced Encryption Standard, AES, is a symmetric encryption algorithm and one of the most secure. The United States Government use it to protect classified information, and many software and hardware products use it as well. This method uses a block cipher, which encrypts data one fixed-size block at a time, unlike other types of encryption, such as stream ciphers, which encrypt data bit by bit.

AES is comprised of AES-128, AES-192 and AES-256. The key bit you choose encrypts and decrypts blocks in 128 bits, 192 bits and so on. There are different rounds for each bit key. A round is the process of turning plaintext into cipher text. For 128-bit, there are 10 rounds; 192-bit has 12 rounds; and 256-bit has 14 rounds.

Since AES is a symmetric key encryption, you must share the key with other individuals for them to access the encrypted data. Furthermore, if you dont have a secure way to share that key and unauthorized individuals gain access to it, they can decrypt everything encrypted with that specific key.

3DES

Triple Data Encryption Standard, or 3DES, is a current standard, and it is a block cipher. Its similar to the older method of encryption, Data Encryption Standard, which uses 56-bit keys. However, 3DES is a symmetric-key encryption that uses three individual 56-bit keys. It encrypts data three times, meaning your 56-bit key becomes a 168-bit key.

Unfortunately, since it encrypts data three times, this method is much slower than others. Also, because 3DES uses shorter block lengths, it is easier to decrypt and leak data. However, many financial institutions and businesses in numerous other industries use this encryption method to keep information secure. As more robust encryption methods emerge, this one is being slowly phased out.

Twofish

Twofish is a symmetric block cipher based on an earlier block cipher Blowfish. Twofish has a block size of 128-bits to 256 bits, and it works well on smaller CPUs and hardware. Similar to AES, it implements rounds of encryption to turn plaintext into cipher text. However, the number of rounds doesnt vary as with AES; no matter the key size, there are always 16 rounds.

In addition, this method provides plenty of flexibility. You can choose for the key setup to be slow but the encryption process to be quick or vice versa. Furthermore, this form of encryption is unpatented and license free, so you can use it without restrictions.

RSA

This asymmetric algorithm is named after Ron Rivest, Adi Shamir and Len Adelman. It uses public-key cryptography to share data over an insecure network. There are two keys: one public and one private. The public key is just as the name suggests: public. Anyone can access it. However, the private key must be confidential. When using RSA cryptography, you need both keys to encrypt and decrypt a message. You use one key to encrypt your data and the other to decrypt it.

According to Search Security, RSA is secure because it factors large integers that are the product of two large prime numbers. Additionally, the key size is large, which increases the security. Most RSA keys are 1024-bits and 2048-bits long. However, the longer key size does mean its slower than other encryption methods.

While there are many additional encryption methods available, knowing about and using the most secure ones ensures your confidential data stays secure and away from unwanted eyes.

Encryption has a long history dating back to when the ancient Greeks and Romans sent secret messages by substituting letters only decipherable with a secret key. Join us for a quick history lesson and learn more about how encryption works.

In todays edition of HTG Explains, well give you a brief history of encryption, how it works, and some examples of different types of encryptionmake sure you also check out the previous edition, where we explained why so many geeks hate Internet Explorer.

Image by xkcd, obviously.

The ancient Greeks used a tool called a Scytale to help encrypt their messages more quickly using a transposition cipherthey would simply wrap the strip of parchment around the cylinder, write out the message, and then when unwound wouldnt make sense.

This encryption method could be fairly easily broken, of course, but its one of the first examples of encryption actually being used in the real world.

Julius Caesar used a somewhat similar method during his time by shifting each letter of the alphabet to the right or left by a number of positionsan encryption technique known as Caesars cipher. For instance, using the example cipher below youd write GEEK as JHHN.

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZCipher: DEFGHIJKLMNOPQRSTUVWXYZABC

Since only the intended recipient of the message knew the cipher, it would be difficult for the next person to decode the message, which would appear as gibberish, but the person that had the cipher could easily decode and read it.

Other simple encryption ciphers like the Polybius square used a polyalphabetic cipher that listed each letter with the corresponding numeric positions across the top and side to tell where the position of the letter was.

Using a table like the one above you would write the letter G as 23, or GEEK as 23 31 31 43.

Enigma Machine

During World War II, the Germans used the Enigma machine to pass encrypted transmissions back and forth, which took years before the Polish were able to crack the messages, and give the solution to the Allied forces, which was instrumental to their victory.

Lets face it: modern encryption techniques can be an extremely boring subject, so instead of just explaining them with words, weve put together a comic strip that talks about the history of encryption, inspired by Jeff Mosers stick figure guide to AES. Note: clearly we cannot convey everything about encryptions history in a comic strip.

Back in those days, people do not have a good encryption method to secure their electronic communication.

Lucifer was the name given to several of the earliest civilian block ciphers, developed by Horst Feistel and his colleagues at IBM.

The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.

Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s: examples include RC5, Blowfish, IDEA, NewDES, SAFER, CAST5 and FEAL

The Rijndael encryption algorithm was adopted by the US Government as standard symmetric-key encryption, or Advanced Encryption Standard (AES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable encryption algorithm.

Many encryption algorithms exist, and they are all suited to different purposesthe two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.

As a good example of the speed difference between different types of encryption, you can use the benchmarking utility built into TrueCrypts volume creation wizardas you can see, AES is by far the fastest type of strong encryption.

There are both slower and faster encryption methods, and they are all suited for different purposes. If youre simply trying to decrypt a tiny piece of data every so often, you can afford to use the strongest possible encryption, or even encrypt it twice with different types of encryption. If you require speed, youd probably want to go with AES.

For more on benchmarking different types of encryption, check out a report from Washington University of St. Louis, where they did a ton of testing on different routines, and explained it all in a very geeky write-up.

All the fancy encryption algorithm that we have talked about earlier are mostly used for two different types of encryption:

To explain this concept, well use the postal service metaphor described in Wikipedia to understand how symmetric key algorithms works.

Alice puts her secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alices key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and read the message. Bob can then use the same padlock to send his secret reply.

Symmetric-key algorithms can be divided into stream ciphers and block ciphersstream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits, often in blocks of 64 bits at a time, and encrypt them as a single unit. Theres a lot of different algorithms you can choose fromthe more popular and well-respected symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

In an asymmetric key system, Bob and Alice have separate padlocks, instead of the single padlock with multiple keys from the symmetric example. Note: this is, of course, a greatly oversimplified example of how it really works, which is much more complicated, but youll get the general idea.

First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alices open padlock to lock the box before sending it back to her.

The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker) from copying a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were careless and allowed someone else to copy his key, Alices messages to Bob would be compromised, but Alices messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Asymmetric encryption uses different keys for encryption and decryption. The message recipient creates a private key and a public key. The public key is distributed among the message senders and they use the public key to encrypt the message. The recipient uses their private key any encrypted messages that have been encrypted using the recipients public key.

Theres one major benefit to doing encryption this way compare to symmetric encryption. We never need to send anything secret (like our encryption key or password) over an insecure channel. Your public key goes out to the worldits not secret and it doesnt need to be. Your private key can stay snug and cozy on your personal computer, where you generated itit never has to be e-mailed anywhere, or read by attackers.

For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.

The web server sends its public key with its certificate.The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.The web server decrypts the symmetric encryption key using its private key and uses the browsers symmetric key to decrypt its URL and http data.The web server sends back the requested html document and http data encrypted with the browsers symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.

And now you can securely buy that eBay item you really didnt need.

If you made it this far, were at the end of our long journey to understanding encryption and a little bit of how it worksstarting from the early days of encryption with the Greeks and Romans, the rise of Lucifer, and finally how SSL uses asymmetric and symmetric encryption to help you buy that fluffy pink bunny on eBay.

Were big fans of encryption here at How-To Geek, and weve covered a lot of different ways to do things like:

Of course encryption is far too complicated a topic to really explain everything. Did we miss something important? Feel free to lay some knowledge on your fellow readers in the comments.

In an effort led by CEO Mark Zuckerberg, Facebook has plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move Friday, noting also that Zuckerberg wants the initiative to “incorporate end-to-end encryption.” Melding those infrastructures would be a massive task regardless, but designing the scheme to universally preserve end-to-end encryptionin a way that users understandposes a whole additional set of critical challenges.

As things stand now, WhatsApp chats are end-to-end encrypted by default, while Facebook Messenger only offers the feature if you turn on “Secret Conversations.” Instagram does not currently offer any form of end-to-end encryption for its chats. WhatsApp’s move to add default encryption for all users was a watershed moment in 2016, bringing the protection to a billion people by flipping one switch.

Facebook is still in the early planning stages of homogenizing its messaging platforms, a move that could increase the ease and number of secured chats online by a staggering order of magnitude. But cryptographers and privacy advocates have already raised a number of obvious hurdles the company faces in doing so. End-to-end encrypted chat protocols ensure that data is only decrypted and intelligible on the devices of the sender and recipient. At least, that’s the idea. In practice, it can be difficult to use the protection effectively if it’s enabled for some chats and not for others and can turn on and off within a chat at different times. In attempting to unify its chat services, Facebook will need to find a way to help users easily understand and control end-to-end encryption as the ecosystem becomes more porous.

“The big problem I see is that only WhatsApp has default end-to-end encryption,” says Matthew Green, a cryptographer at Johns Hopkins. “So if the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens? There are a whole range of outcomes here.”

WhatsApp users, for example, can assume that all of their chats are end-to-end encrypted, but what will happen in Facebook’s newly homogenized platform if an Instagram user messages a WhatsApp user? It’s unclear what sort of defaults Facebook will impose, and how it will let users know whether their chats are encrypted.

Facebook can also glean more data from unencrypted chats and introduce monetizable experiences like bots into them. The company has had a notoriously hard time earning revenue off of WhatsApp’s 1.5 billion users, in part because of end-to-end encryption.

“We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private,” a Facebook spokesperson said in a statement on Friday. “We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work.”

Facebook emphasizes that this gradual process will allow it to work out all the kinks before debuting a monolithic chat structure. But encryption’s not the only area of concern. Privacy advocates are concerned about the potential creation of a unified identity for people across all three services, so that messages go to the right place. Such a setup could be convenient in many ways, but it could also have complicated ramifications.

In 2016, WhatsApp started sharing user phone numbers and other analytics with Facebook, perforating what had previously been a red line between the two services. WhatsApp still lets users make an account with only a phone number, while Facebook requires your legal name under its controversial “real name” policy. The company maintains this rule to prevent confusion and fraud, but its rigidity has caused problems for users who have other safety and security reasons for avoiding their legal or given name, such as being transgender.

“If the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens?”

Matthew Green, Johns Hopkins University

In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote that, “Theres no question that we collect some information for adsbut that information is generally important for security and operating our services as well.” An indelible identity across Facebook’s brands could have security benefits like enabling stronger anti-fraud protections. But it could also unlock an even richer and more nuanced user data trove for Facebook to mine, and potentially make it harder to use one or more of the services without tying those profiles to a central identity.

“The obvious identity issue is usernames. I’m one thing on Facebook and another on Instagram,” says Jim Fenton, an independent identity privacy and security consultant. “In some ways, having the three linked more closely together would be good because it would make it more transparent that they are connected. But there are some Instagram and WhatsApp users who don’t want to use Facebook. This might be seen as a way to try to push more people in.”

Such a change to how chat works on the three brands isn’t just a potentially massive shift for usersit also seems to have stirred deep controversy within Facebook itself, and may have contributed to the departure last year of WhatsApp cofounders Jan Koum and Brian Acton.

End-to-end encryption is also difficult to implement correctly, because any oversight or bug can undermine the whole scheme. For example, both WhatsApp and Facebook Messenger currently use the open-source Signal protocol (used in the Signal encrypted messaging app), but the implementations are different, because one service has the encryption on by default and the other doesn’t. Melding these different approaches could create opportunities for error.

“Theres a world where Facebook Messenger and Instagram get upgraded to the default encryption of WhatsApp, but that probably isn’t happening,” Johns Hopkins’ Green says. “Its too technically challenging and would cost Facebook access to lots of data.”

And while end-to-end encryption can’t solve every privacy issue for everyone all the time anyway, it’s harder to know how to take advantage of it safely when a service doesn’t offer it consistently, and creates potential privacy issues when it centralizes identities.

“I think they can work this out,” Fenton says. “The bigger problem in my opinion is user confusion.”

The Marriott mega-breach is calling attention to the issues of whether organizations are storing too much data and whether they’re adequately protecting it with the proper encryption steps.

See Also: The Role of Threat Intelligence in Cyber Resilience

In its revised findings about a mega-breach that it now says affected 327 million customers, Marriott notes that 25.6 million passport numbers were exposed in the breach, of which 5.25 million were unencrypted. “There is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the encrypted passport numbers,” Marriott says. But that doesn’t mean that the attackers couldn’t later brute-force decrypt the numbers (see: Marriott Mega-Breach: Victim Count Drops to 383 Million).

Also exposed in the breach were approximately 8.6 million encrypted payment cards that were being stored by Marriott. By the time the breach was discovered in late 2018, however, Marriott says most of the payment cards had already expired. As with the passport data, “there is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers,” Marriott says.

U.S. Sen. Mark Warner, D-Virginia, says the breach highlights a failure by many organizations to minimize the amount of data they routinely store on consumers.

“It’s unacceptable that Marriott was retaining sensitive data like passport numbers for so long, and it’s unconscionable that it kept this data unencrypted,” said Warner, who co-chairs the Senate Cybersecurity Caucus, the Wall Street Journal reported.

Meanwhile, security experts around the world are calling attention to the need to take all necessary steps to properly encrypt sensitive data that organizations store.

Although cryptography is being added to more backend applications, it’s often being implemented incorrectly, contends Steve Marshall, chief information security officer and head of cyber consulting at Bytes Software Services, a U.K.-based IT company. “This often leaves organizations with a false sense of security, which, unfortunately becomes evident when they are attacked,” he says.

And with governments across the world pushing for encryption backdoors to be used by law enforcement, the hacking risks could get worse.

Jagdeep Singh, head of risk and governance at Instarem, a Singapore-based payments company, says many companies worldwide make common mistakes when implementing encryption. For example, they:

Tarun Pant, CEO at SecurelyShare, a Bangalore-based company, says too many organizations focus on encrypting data while it’s transmitted but fail to encrypt it when it’s at rest.

“Many organizations don’t do end-to-end encryption of data,” he says. “Hence, the weakest link is often the source of the breach. Data at rest, if not encrypted with source key, leads to breaches from within the organization.”

Too many companies take a “check list” approach to data security, focusing narrowly on regulatory compliance. These firms often don’t devote enough time and effort to properly implementing encryption, security experts say.

“Many development teams adding encryption to their code call it a day once they achieve the minimum security needed for a regulatory checkmark. This attitude is dangerous,” Singh says (see: Demystifying DevSecOps and Its Role in App Security).

Kevin Bocek, vice president of security strategy and threat intelligence for Salt Lake City, Utah-based Venafi, a cybersecurity company that develops software to secure and protect cryptographic keys, says managing machine identities that are used to establish encryption is challenging for many organizations.

“Investigations have shown that simply not keeping track of machine identities, like TLS certificates, can create encrypted tunnels for hackers to hide in,” Bocek says. “In addition, if a simple machine identity, like a key and certificate, not being updated, mobile networks across entire countries can be impacted.”

Depending on where encryption occurs – column level vs. application level – what encryption techniques are used and what kind of vulnerability is being exploited, attackers can use many different techniques to cause data breaches, says Sandesh Anand, managing consultant at Synopsys, a Mountain View, Calif.-based technology company.

“Practitioners should not build their own crypto algorithms or libraries,” he stresses. “They should instead focus on implementing well-known, peer-reviewed, secure algorithms properly.”

Anand says the best algorithms to use are AES or Advanced Encryption Standard for symmetric encryption algorithm, RSA for asymmetric encryption algorithm and SHA-256 for hashing.

Mistakes in key management also can lead to trouble, Anand says. “Often firms end up either using short keys or they end up using the same key for months,” he says. “Then there is the problem of insecure key management.”

Pune-based Rohan Vibhandik, a security researcher with a multinational company, notes: “Storing or transmitting keys insecurely remains a common mistake, especially in case of a symmetric key where a single key is used at both ends – encryption and decryption.”

While it’s important to secure the storage of machine identities, including keys, it’s become even more critical to be able to have the capability to change machine identities fast, Bocek stresses.

“Browsers can distrust Certificate Authorities. This means businesses have to quickly find and change out machine identities, like TLS keys and certificates, used for encryption,” he says.

While encryption plays an important role in data security, it’s not a cure-all, security experts stress.

“Encryption is just one of the many controls that protect data while in transit or at rest,” Singh says. “However, there are numerous ways to circumvent encryption in a client-server model. “Also, encryption technologies and the way they get adopted are still evolving.”

Anand notes: “Remember: The strength of a chain is the weakest link. So, if crypto keys are lying around in insecure locations or if database admins use weak passwords, data can still be breached. Finally, insecure application controls can also lead to a breach.”

An important aspect of encryption is proper key management.

“Key management is a challenge that grows with the size and complexity of your environment,” Pant says. “The larger the user base, the more diverse the environment, the more distributed the keys are. Hence the challenges of key management will be greater.”

Singh recommends organizations avoid saving keys in the same server as the encrypted data.

“One needs to ensure that private keys, when stored, are non-exportable. Also, one must not use the same keys for both directions,” he says. He also recommends adoption of proper standards, including TLS, or Transport Layer Security, while data is in transit. “Avoid using secure sockets layer as it is outdated,” he emphasizes.

To help ensure that encrypted data remains untampered, adding a layer of hashing and salting is essential, Vibhandik says.

“When data is encrypted, one must hash it using functions like MD5 and SHA,” he says. “To provide further layered security to the hashed data, SALT function must be used; that can prevent tampering of data.

“One must remember that hashing does not add any privacy to data; it only saves against any data alteration or tampering attempts. Encryption provides privacy to your data but does not make it tamper proof. So a combination of both is important for endpoint and end-to-end communication and data security.”

This InfoCenteris a collection of resourcesaboutencryption for stored informationonportable devices, such as laptops, tablets, and externally attachedstorage. (Refer to TLS certificates in the Related InfoCenters box forinformation related toencrypted network communications.) The Help Desk provides general support for Windows BitLocker and for OSX FileVault2 full disk encryption.Questionsshould normally be handled by a departmental IT support person, and if necessary willbe escalated to the InformationSecurity & PolicyOffice or the ITS Enterprise Client Management team.

Encryption is a method to protect digital information, byscrambling it as it travels across the Internet, or scrambling it when the information is “at rest”or stored on our computers. This ensures that only authorized users can decrypt (un-scramble) the information and use it. Encryption enhances the privacy and confidentiality, as well as the integrity and authenticity of our information. It helps us keep our information safe.

Portable devices such as laptops, tablets, and USB storage are most at risk for being misplaced or stolen. If a device is lost or stolen, encryption prevents unauthorized users from accessing data stored locally on the device. Without encryption, unauthorized users canuse various techniques to bypass the accounts and permissions in order to access the localdrive contents.

In order to meet our legal obligations and our responsibility to protect the privacy of those we serve, The University of Iowa requires full disk encryption to be implemented onall university owned mobile computing devices (i.e.laptops,tablets, USBstorage). The best way to avoid theft or lossof sensitive data is to keepit in a secure file storage offering such as OneDrive, RDSS,or department shared drives, where it’s physically secured and regularly backed up. Then,you can easily access the information remotelyfrom your mobile computer. However, encryption is oursafety net for new files,temporary (cached) files, and other information that is stored on a mobile device.

Everyone uses network encryption today: over https connections from your browser to a website, over cellular phone-to-tower communications, and also over wireless networks that require a login or connection password, such as Eduroam, in order to protect the privacy of communications. Full disk encryption is similarly designed to protect information when its stored.

Encryption is a means of securing digital data using an algorithm and a password, or key. The encryption process translates information using an algorithm that turns plain text unreadable. When an authorized user needs to read the data, they may decrypt the data using a binary key.

Encryption is an important way for individuals and companies to protect sensitive information from hacking. For example, websites that transmit credit card and bank account numbers should always encrypt this information to prevent identity theft and fraud.

Encryption strength depends on the length of the encryption security key. In the latter quarter of the 20th century, web developers used either 40 bit encryption, which is a key with 240 possible permutations, or 56 bit encryption. However, by the end of the century hackers could break those keys through brute-force attacks. This led to a 128 bit system as the standard encryption length for web browsers.

The Advanced Encryption Standard (AES) is a protocol for data encryption created in 2001 by the U.S. National Institute of Standards and Technology. AES uses a 128 bit block size, and key lengths of 128, 192 and 256 bits.

AES uses a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. Asymmetric-key algorithms use different keys for the encryption and decryption processes.

Today, 128-bit encryption is standard but most banks, militaries and governments use 256-bit encryption.

In May of 2018, the Wall Street Journal reported that despite the importance and accessibility of encryption, many corporations still fail to encrypt sensitive data. By some estimates, companies encryped only one-third of all sensitive corporate data in 2016, leaving the remaining two thirds sensitive to theft or fraud.

Encryption makes it more difficult for a company to analyze its own data, using either standard means or artificial intelligence. Speedy data analysis can sometimes mean the difference between which of two competing companies gains a market advantage, which partly explains why companiesresist encrypting data.

Consumers should understand that encryption does not always protect data from hacking. For example, in 2013 hackers attacked Target Corporation and managed to compromise the information of up to 40 million credit cards. According to Target, the credit card information was encrypted, but the hackers sophistication still broke through the encryption. This hack was the second largest breach of its kind in U.S. history and led to an investigation by the U.S. Secret Service and the Justice Department.

Note: By default, an instance type that includes an NVMe instance store encrypts data at rest using an XTS-AES-256 block cipher. See this FAQ about NVMe-supported instance types. If youre using an NVMw instance type, then data at rest is encrypted by default, and this post doesnt apply to your situation.

Encrypting data at rest is vital for regulatory compliance to ensure that sensitive data saved on disks is not readable by any user or application without a valid key. Some compliance regulations such as PCI DSS and HIPAA require that data at rest be encrypted throughout the data lifecycle. To this end, AWS provides data-at-rest options and key management to support the encryption process. For example, you can encrypt Amazon EBS volumes and configure Amazon S3 buckets for server-side encryption (SSE) using AES-256 encryption. Additionally, Amazon RDS supports Transparent Data Encryption (TDE).

Instance storage provides temporary block-level storage for Amazon EC2 instances. This storage is located on disks attached physically to a host computer. Instance storage is ideal for temporary storage of information that frequently changes, such as buffers, caches, and scratch data. By default, files stored on these disks are not encrypted.

In this blog post, I show a method for encrypting data on Linux EC2 instance stores by using Linux built-in libraries. This method encrypts files transparently, which protects confidential data. As a result, applications that process the data are unaware of the disk-level encryption.

First, though, I will provide some background information required for this solution.

You can use two methods to encrypt files on instance stores. The first method is disk encryption, in which the entire disk or block within the disk is encrypted by using one or more encryption keys. Disk encryption operates below the file-system level, is operating-system agnostic, and hides directory and file information such as name and size. Encrypting File System, for example, is a Microsoft extension to the Windows NT operating systems New Technology File System (NTFS) that provides disk encryption.

The second method is file-system-level encryption. Files and directories are encrypted, but not the entire disk or partition. File-system-level encryption operates on top of the file system and is portable across operating systems.

Dm-crypt is a Linux kernel-level encryption mechanism that allows users to mount an encrypted file system. Mounting a file system is the process in which a file system is attached to a directory (mount point), making it available to the operating system. After mounting, all files in the file system are available to applications without any additional interaction; however, these files are encrypted when stored on disk.

Device mapper is an infrastructure in the Linux 2.6 and 3.x kernel that provides a generic way to create virtual layers of block devices. The device mapper crypt target provides transparent encryption of block devices using the kernel crypto API. The solution in this post uses dm-crypt in conjunction with a disk-backed file system mapped to a logical volume by the Logical Volume Manager (LVM). LVM provides logical volume management for the Linux kernel.

The following diagram depicts the relationship between an application, file system, and dm-crypt. Dm-crypt sits between the physical disk and the file system, and data written from the operating system to the disk is encrypted. The application is unaware of such disk-level encryption. Applications use a specific mount point in order to store and retrieve files, and these files are encrypted when stored to disk. If the disk is lost or stolen, the data on the disk is useless.

In this post, I create a new file system called secretfs. This file system is encrypted using dm-crypt. This example uses LVM and Linux Unified Key Setup (LUKS) to encrypt a file system. The encrypted file system sits on the EC2 instance store disk. Note that the internal store file system is not encrypted but rather a newly created file system.

The following diagram shows how the newly encrypted file system resides in the EC2 internal store disk. Applications that need to save sensitive data temporarily will use the secretfs mount point (/mnt/secretfs) directory to store temporary or scratch files.

This solution has three requirements for the solution to work. First, you need to configure the related items on boot using EC2 launch configuration because the encrypted file system is created at boot time. An administrator should have full control over every step and should be able to grant and revoke the encrypted file system creation or access to keys. Second, you must enable logging for every encryption or decryption request by using AWS CloudTrail. In particular, logging is critical when the keys are created and when an EC2 instance requests password decryption to unlock an encrypted file system. Lastly, you should integrate the solution with other AWS services, as described in the next section.

I use the following AWS services in this solution:

The following high-level architectural diagram illustrates the solution proposed in order to enable EC2 instance store encrypting. A detailed implementation plan follows in the next section.

In this architectural diagram:

First, you create a bucket for storing the file that holds the encrypted password. This password (key) will be used to encrypt the file system. Each EC2 instance upon boot copies the file, reads the encrypted password, decrypts the password, and retrieves the plaintext password, which is used to encrypt the file system on the instance store disk.

In this step, you create the S3 bucket that stores the encrypted password file, and apply the necessary permissions. If you are using an Amazon VPC endpoint for Amazon S3, you also need to add permissions to the bucket to allow access from the endpoint. (For a detailed example, see Example Bucket Policies for VPC Endpoints for Amazon S3.)

To create a new bucket:

When an EC2 instance boots, it must read the encrypted password file from S3 and then decrypt the password using KMS. In this section, I configure an IAM policy that allows the EC2 instance to assume a role with the right access permissions to the S3 bucket. The following policy grants the correct access permissions, in which your-bucket-name is the S3 bucket that stores the encrypted password file.

To create and configure the IAM policy:

The preceding policy grants read access to the bucket where the encrypted password is stored. This policy is used by the EC2 instance, which requires you to configure an IAM role. You will configure KMS permissions later in this post.

You now should have a new IAM role listed on the Roles page. ChooseRoles to list all roles in your account and then select the role you just created as shown in the following screenshot.

Next, you use KMS to encrypt a secret password. To encrypt text by using KMS, you must use AWS CLI. AWS CLI is installed by default on EC2 Amazon Linux instances and you caninstallit on Linux, Windows, or Mac computers.

To encrypt a secret password with KMS and store it in the S3 bucket:

The preceding commands encrypt the password (Base64 is used to decode the cipher text). The command outputs the results to a file called LuksInternalStorageKey. It also creates a key alias (key name) that makes it easy to identify different keys; the alias is called EncFSForEC2InternalStorageKey. The file is then copied to the S3 bucket I created earlier in this post.

Next, you grant the role access to the key you just created with KMS:

In this section, you launch a new EC2 instance with the new IAM role and a bootstrap script that executes the steps to encrypt the file system, as described earlier in the Architectural overview section:

You can list the encrypted file systems status. First, SSH to the EC2 instance using the key pair you used to launch the EC2 instance. (For more information about logging in to an EC2 instance using a key pair, see Getting Started with Amazon EC2 Linux Instances.) Then, run the following command as root.

As the commands results should show, the file system is encrypted with AES-256 using XTS mode. XTS is a configuration method that allows ciphers to work with large data streams, without the risk of compromising the provided security.

This blog post shows you how to encrypt a file system on EC2 instance storage by using built-in Linux libraries and drivers with LVM and LUKS, in conjunction with AWS services such as S3 and KMS. If your applications need temporary storage, you can use an EC2 internal disk that is physically attached to the host computer. The data on instance stores persists only during the lifetime of its associated instance. However, instance store volumes are not encrypted. This post provides a simple solution that balances between the speed and availability of instance stores and the need for encryption at rest when dealing with sensitive data.

If you have comments about this blog post, submit them in the Comments section below. If you have implementation questions about the solution in this post, please start a new thread on the EC2 forum.

A transition in cryptographic technologies is underway. New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements. Many of the algorithms that are in extensive use today cannot scale well to meet these needs. RSA signatures and DH key exchange are increasingly inefficient as security levels rise, and CBC encryption performs poorly at high data rates. An encryption system such as an IPsec Virtual Private Network uses many different component algorithms, and the level of security that it provides is limited by the lowest security level of each of those components. What we need is a complete algorithm suite in which each component provides a consistently high level of security and can scale well to high throughput and high numbers of connections. The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. More on these algorithms below, but first, some good news: the new ISR Integrated Services Module brings these next-generation encryption (NGE) technologies to IPsec Virtual Private Networks, providing a security level of 128 bits or more. These technologies are future proof: the use of NGE enables a system to meet the security requirements of the next decade, and to interoperate with future products that leverage NGE to meet scalability requirements. NGE is based on IETF standards, and meets the government requirements for cryptography stipulated in FIPS-140.

NGE uses new crypto algorithms because they will scale better going forward. This is analogous to the way that jets replaced propeller planes; incremental improvements in propeller-driven aircraft are always possible, but it was necessary to adopt turbojets to achieve significant advances in speed and efficiency.

The community that needs a new technology most leads its adoption. For instance, the transition from propellers to jet engines happened for military applications before jets were adopted for commercial use. Similarly, governments are leading the transition to next generation encryption. The U.S. government selected and recommended a set of cryptographic standards, called Suite B because it provides a complete suite of algorithms that are designed to meet future security needs. Suite B has been approved for protecting classified information at both the SECRET and TOP SECRET levels. Suite B sets a good direction for the future of network security, and the Suite B algorithms have been incorporated into many standards. (Cisco supported the development of some of these standards, including GCM authenticated encryption and implementation methods for ECC.) NGE uses the Suite B algorithms for two different reasons. First, it enables government customers to conform to the Suite B requirements. Second, Suite B offers the best technologies for future-proof cryptography, and is setting the trend for the industry. These are the best standards that one can implement today if the goal is to meet the security and scalability requirements ten years hence, or to interoperate with the crypto that will be deployed in that timescale.

A network encryption system must meet the networks requirements for high throughput, high numbers of connections, and low latency, while providing protection against sophisticated attacks. Cryptographic algorithms and key sizes are designed to make it economically infeasible for an attacker to break a cryptosystem. In principle, all algorithms are vulnerable to an exhaustive key search. In practice, this vulnerability holds only if an attacker can afford enough computing power to try every possible key. Encryption systems are designed to make exhaustive search too costly for an attacker, while also keeping down the cost of encryption. The same is true for all of the cryptographic components that are used to secure communications digital signatures, key establishment, and cryptographic hashing are all engineered so that attackers cant afford the computing resources that would be needed to break the system.

Every year, advances in computing lower the cost of processing and storage. These advances in computing accrue over the years and make it imperative to periodically move to larger key sizes. Because of Moores law, and a similar empirical law for storage costs, symmetric cryptographic keys need to grow by a bit every 18 months. In order for an encryption system to have a useful shelf life, and be able to securely interoperate with other devices throughout its operational lifespan, it should provide security ten or more years into the future. The use of good cryptography is more important now than ever before, due to the threat of well-funded and knowledgeable attackers.

A complete crypto suite includes algorithms for authenticated encryption, digital signatures, key establishment, cryptographic hashing. I touch on each of these below, to explain the need for technology changes. The Rivest-Shamir-Adleman (RSA) algorithms for encryption and digital signatures are less efficient at higher security levels, as is the integer-based Diffie-Hellman (DH). In technical terms, there are sub-exponential attacks that can be used against these algorithms, and thus their key sizes must be substantially increased to compensate for this fact. In practice, this means that RSA and DH are becoming less efficient every year.

Elliptic Curve Cryptography (ECC) replaces RSA signatures with the ECDSA algorithm, and replaces the DH key exchange with ECDH. ECDSA is an elliptic curve variant of the DSA algorithm, which has been a standard since 1994. ECDH is an elliptic curve variant of the classic Diffie-Hellman key exchange. DH and DSA are both based on the mathematical group of integers modulo a large prime number. The ECC variants replace that group with a different mathematical group that is defined by an elliptic curve. The advantage of ECC is that there are no sub-exponential attacks that work against ECC, which means that ECC can provide higher security at lower computational cost. The efficiency gain is especially pronounced as one turns the security knob up.

The AES block cipher is widely used today; it is efficient and provides a good security level. However, the Cipher Block Chaining (CBC) mode of operation for AES, which is commonly used for encryption, contains serialized operations that make it impossible to pipeline. Additionally, it does not provide authentication, and thus the data encrypted by CBC must also be authenticated using a message authentication code like HMAC. NGE improves on the combination of CBC and HMAC by using AES in the Galois/Counter Mode (GCM) of operation.

Fifteen years ago, it was considered a truism that encryption could not keep up with the fastest networks. Ten years ago, it was realized that the counter mode of operation (CTR) could keep up, but that did not resolve the need for data authentication. GCM solves this problem by incorporating an efficient authentication method, based on arithmetic over finite fields. GCM is an authenticated encryption algorithm; it provides both confidentiality and authenticity. Combing both these security services into a single algorithm improves both security and performance. (For instance, it prevents subtle attacks that exploit unauthenticated encryption, such as the recent BEAST attack against the TLS/SSL protocol and similar attacks.) AES-GCM is efficient even at very high data rates, because its design enables the use of full data pipelines and parallelism. Its efficiency is showcased by its use in the IEEE MACsec protocol, where it has kept up with 802.1 data rates of 10, 40, and even 100 gigabits per second without adding significant latency.

NGE follows Suite B and uses the SHA-2 family of hash functions. These functions replace the ubiquitous SHA-1 hash with SHA-256, SHA-384, and SHA-512. SHA-1 only targets an 80-bit security level, and has been shown to not meet that goal. If you are still using SHA-1, you should transition to SHA-256, which provides a 128-bit security level.

For more information about Ciscos offering for faster next-generation encryption, see the Cisco VPN Internal Service Module for the ISR G2 page.

Its no secret that we at DataShield are large proponents of data security. Not only are data breaches incredibly expensive, but there are also laws regarding data securitythat need to be followed if businesses want to avoid large fines.

And while we are obviously advocates of shredding hard drivesonce its time to get rid of your computer, doing that only guarantees the safety of your data once its time for new hard drives. So what about all the time in between?

Enter data encryption: a highly recommended way to keep your data out of the wrong hands the entire time its on your computer.

Encryption is a technique for transforming informationon a computer in such a way that it becomes unreadable. So, even if someone is able to gain access to a computer with personal data on it, they likely wont be able to do anything with the data unless they have complicated, expensive software or the original data key.

The basic function of encryption is essentially to translate normal text into ciphertext. Encryption can help ensure that data doesnt get read by the wrong people, but can also ensure that data isnt altered in transit, and verify the identity of the sender.

There are three different basic encryption methods, each with their own advantages (list courtesy of Wisegeek):

Any of these methods would likely prove sufficient for proper data security, and a quick Google search will reveal the multitude of software available for data encryption. Data encryption is a necessity (both for legal reasons and otherwise) when transmitting information like PHI, so no matter what method you choose, make sure youre doing everything you can to protect data.

Dont just stop with encryption, though. DataShield offers compliance consultingto ensure that all of your business data and policies are up-to-spec for local and federal laws.

Contact us today for more information on how DataShield can help your data stay safe through its entire life cycle, from its conception to its destruction, when your computer is finally thrown out.